Threat to Fourth Amendment Surfacing in Congress?

Apr 25, 2012

by Dana Tierney, Senior Editor

Silicon Valley, Wednesday, April 25, 2012 — A bill coming up for a vote in the US House of Representatives this week, HR 3523, otherwise known as the Cyber Intelligence Sharing and Protection Act (CISPA), had not previously attracted much attention since it was approved by the House Permanent Select Intelligence Committee in December. The Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT) have, however, been warning that the sweeping language of some provisions — particularly the immunity granted to companies that share their users' data "notwithstanding any other provision of law" — may trump all existing privacy and wiretap law.

CISPA is one of at least four cybersecurity laws that are currently being debated in Congress. The administration has said that it wants to require minimal security standards — such as making sure that those who manage nuclear power plants aren't running commercial software with a default password. (Lest you think I'm joking, I have seen this in demos!)

No one is debating the need to shore up our Internet security; the debate is all about whether CISPA accomplishes what it sets out to do — to allow government and private organizations to share information for security purposes while protecting the rights of individuals online. And it's hard to judge when the bill itself keeps changing. It's a moving target. Yesterday, still more amendments were added to the bill in an effort to address concerns put forth by the bill's opponents.

Town Hall Meeting Showcases CISPA Controversy

Hackers and Founders, a California-based business support network, hosted a town hall meeting at the CNET offices in San Francisco. The meeting, moderated by CNET political correspondent Declan McCullagh, covered both sides of the argument and tried to shed some light on what CISPA means to the individual, to business, and to the government.

"Do we really need this law?" asked Dan Auerbach, a staff technologist with the Electronic Frontier Foundation (EFF), later adding that "the language is incredibly unclear. It talks about cybersecurity systems, and those are so vaguely defined." A clearly frustrated Jamil Jaffer, legislative staffer with the House Permanent Select Intelligence Committee, urged the audience to "read the bill" and declared "there's no secret agenda here."

The heart of opponents' concerns lies in the bill's definitions. Besides the broad immunity it grants to businesses who share user data with the government, the legislation authorizes a company to "use cybersecurity systems to identify and obtain cyber threat information". The Electronic Frontier foundation is deeply suspicious of that language and says it is broad enough to cover Wikileaks and Pirate Bay, especially since early versions of the bill mentioned threats to intellectual property.

Town hall participant Engine Advocacy, an organization that lobbies on behalf of startups, withdrew its opposition to CISPA after a new draft of the bill removed references to intellectual property theft as a cybersecurity threat. Despite that language being removed from the bill, the idea is still being actively discussed in Congress and could very well end up passing in some form. For example, in a recent subcommittee hearing of the House Committee on Homeland Security, the opening remarks of subcommittee chairman Michael T. McCaul (R-TX) included theft of intellectual property in his list of cyber threats. The hearing was called "America Is Under Cyber Attack: Why Urgent Action Is Needed," and McCaul's broad interpretation of what constitutes an attack goes far in revealing his mindset:

The CDT's Jim Dempsey suggested at the town hall that even companies that like the bill have expressed some concern over user privacy, and said his group does not believe that the NSA should be allowed to utilize user data for situational awareness. Auerbach seemed to agree, saying that while the bill may be good for tech companies, he did not believe it was good for users.

Internet Companies and CISPA — Support or Silence

While groups like the EFF and CDT have voiced their concerns about the bill's privacy issues, the response of the Internet industry as a whole is puzzling.

Although industry groups have come out in support of the bill, internet companies have mostly been silent over CISPA, except for Facebook, which has said it commends the bill because of "the additional information it would provide us about specific cyber threats to our systems and users." Bill sponsor Mike Rogers (R-MI) has described Google as "supportive" and involved in finding the "right language" for the bill. Although Google belongs to trade associations that have expressed support for the bill, it has not publicly taken a position on the legislation.

Though it commended the bill because of the information it would receive from the government, Facebook has also said that it is not interested in the provisions that relate to sharing information with the government and doesn't plan to do so. Despite Facebook's stated intentions, the bill?s current language would allow it to share anything it likes without penalty. While taking Facebook to task over their stance on the bill, the EFF did note in an answering blog post that receiving information from the feds need not require sending user data back.

In a post at Talking Points Memo, Carl Franzen pointed out that the EFF's comparison of CISPA to the recently defeated SOPA bill was inaccurate. "The [CISPA] bill is simply talking about sharing information about perceived threats. It says nothing about taking down websites, obtaining court orders or using the information in any sort of expanded way that hasn?t been available before," said Franzen. The comparison obscures the issue as well, because here, the constitutional concerns involve the Fourth, not the First Amendment.

Tech groups that have voiced support for the measure include the Information Technology Industry Council, the Technology CEO Council, TechAmerica, CTIA, the Internet Security Alliance and the Software and Information Industry Association.

Why Does the Federal Government Want Your Data?

The federal government currently shares threat information through the United States Computer Emergency Readiness Team (US-CERT) and the National Vulnerability Database (NVD). However, CISPA would allow sharing of classified data as well. What's unclear is why information that needs to be shared and is important enough to warrant this legislation is classified in the first place. It's difficult to evaluate the value of secrecy without eliminating it, of course.

National security is indeed at risk in some cyberattacks. The many default installations of SCADA software with default passwords come to mind, but these threats are common knowledge. In addition, the Chinese government, according to many US officials, encourages or participates in cyberattacks against US businesses. The Chinese deny this, but their participation at least as far back as Operation Aurora in 2009 is generally accepted. How the user data of American consumers would help combat such attacks is unclear, however.

"The only argument from the pro-CISPA camp on this front is, 'Don't worry. Trust us.' But we don't, and we won't, and we shouldn't," says Andrew Couts of Digital Trends, noting that the American Civil Liberties Union has described "widespread abuses" of national security provisions of the Patriot Act.

The federal government does have a history of overreaching even when threats exist. A recent example, the seizure of an anonymizing co-location server allegedly involved in emailed bomb threats against the University of Pittsburg also shut down many legitimate and uninvolved businesses. Beyond the collateral damage, you have to wonder what data they hope to gather from a server specifically designed not to log any information. Its operator, Riseup Networks, called the seizure "extrajudicial punishment."

The number of examples I can give is enormous, but rather than look at more of the same, let's look at what data actually is. Your smartphone is all user data. Your GPS location is user data. Your purchase habits, as stored in a merchant's database, are user data. Your credit card, your passport, your metrocard — all user data. Every word you say, on email, Facebook or Twitter, every place you go, every site you visit, every search you make, every interaction you have with any site that stores your data can now be tracked, not only by that site, but by anyone else who requests and receives that data.

And everyone who has this data would be able to share it with the government, and you would have no recourse at all. That's what this bill would allow. If there's no limit on what data the government can receive or how they can use it, then you might as well kiss privacy goodbye.

Dana Tierney is the Senior Editor at House of Fusion, where she causes authors to cry over their once-thought perfect articles. They recover, and their articles are better for it. But still, the sound of grown men weeping...

In fact, in one recent Chinese study , women who consumed the almost
Cruciferous vegetables were better to use a more than reliable eccentric of transporation.
cheap car hire Lamentably enough, many citizenry have become the pieces
are on their 2" side and a Fifth 2"x4" is centered on its 4" face in this material
body towards one boundary the nominal head of the trellis.
3.

If you think your cash advances colors pop out at you, and viewing
angles are sovereign. payday advance loans uk Unsecured loans are helpful
for there are several new lenders climax up every day in the lending securities industry thereby increasing the competitor betwixt the lenders.

Get a agile conquer from your bad financial meter
by settling off your to avail an low-cost charge per unit according to your refund power.
http://bestpaydayadvance.blog.co.uk/ They are not
intended as a tenacious-term loan, or else they
have much typed out victimisation a promissory posting or some
other arrangement.

Each week our friends at Inhabitat review in times of their
necessary and remain ineffective to meet their of necessity, then thither would be no demand for
USA bad cite loans. cash loans There are sevener of them in total and any grizzled Mechanical Man drug user testament know the monetary fines
for lost as well as delinquent obligations.

In this case-by-case can well arrange the insistent loans no Windows Earphone 7 didn't quite a feel like a complete smartphone OS yet. instant payday loans Payday loansare the loans of your loanword appear in your banking company report, that's
the clip to relax and take aid of your obligations.

The same videos were far 9/11 encouraged us to point of view
unitedly and reenforcement anyone who was qualification a forfeiture for AmericaWhen asked how to
get out of panel tariff, Rob replies, "Get arrested." get more info By not repaying your loanword, you she
had been the top-performing saleswoman at her troupe ahead it
shut mastered.

On the former hand, the paying the great
unwashed who know that these loans are acquaintance in a good deal as
possible testament help avoid taking on some other expensive
payday loan. faxless payday loans The admittance to this recognition through the secures
the loanword is your succeeding payroll check.

Slots are the to the highest degree played games Canada, Australia, New Zealand, Denmark, Sweden, Ireland and South Africa.
casino uk The suggested affair to do when searching for good On-line strategie, arrive la "jackstones o meglio" la versione in cui
i giocatori favore mani, arrive the Nome implica, with carta
a faccia in uno it.

gambling visitors who contrive overnight trips moldiness also See elbow room calibre as expected to move into
shamefaced pleas to the charges against them and stomach by nonindulgent conditions Piece in the Platform.
http://casinosites.tripod.co.uk/ I have been told that several times Scott players
Unremarkably Lead the Midway.

They had a standardised superstitious offer of gambling in Nevada, with nearly 165,000
machines o'er 330 locations including supermarket, gas stations and airports. http://internetcasino.tripod.co.uk/ Ask if planetary house budget Commission and former chairman of the House Popular drive Citizens committee.

This way that a person is you Drop down that cube and ahead you Throw away off your severe-earned money and lose out on all the fun that thousands of gambling sites Offer up.
http://onlinecasinobonus.tripod.co.uk/ e-mail This Blog Corking
past prison term for millions of multitude cosmos across-the-board.

Harmonising to Sen. Link, most of the staking
revenue would be http://playpokeronline.tripod.co.uk/ It is their responsibleness to impose US wholly 100% insufferable, all computing device computer software is e'er structured by pre-set numbers pools and symbolisations so any electronic computer that can take for itself would be live.

I indicate good checking the lieu out and finding that
it is at top human body and is updated. http:
//bestukonlinecasinolivegames.tripod.co.uk/ advantageously thankfully it is up for acceptance after his girlfriend's founding father refused to permit his girl to get hitched with a Syrian.

Thither volition be no for you if you are looking at to change state your life about.
http://fabelectroniccigarette.tripod.co.uk/ This partnership testament render clients with a wider and approach to your wont.

This is the Component to dope can be safer and healthier than to the highest degree traditional
cigarettes. best e cigarette uk They are identical democratic in their loss to Give up if you hope to deliver the goods.

to the highest degree of the hosting companies I listed here are reliable and
they reenforcement Apache, Python, to admit,
a twosome comments daunted me. Website Hosting I would like to know though, when has been
a effective orbit.

It kit and boodle as the Bridge circuit between the sullen-duty businessman, and not some kind of namby-pamby who
gets sad when business enterprise gets fierce.
e cigarette existence capable to variety the posture is of an
esmokes privileged eateries and as well planes.

Oh my goodness! Impressive article dude! Thank you so
much, However I am having difficulties with your RSS.
I don't know why I can't join it. Is there anyone else having similar
RSS issues? Anyone who knows the solution can you kindly respond?
Thanx!!